From iPhone to Spyphone: Strategies To Prevent Spyware Attacks

The biggest threat to your company’s secrets, sensitive information and overall security may be sitting in your pocket as you read this. Chris Risley, CEO at Bastille Networks, outlines three best practices to protect enterprises from spyware threats.

A recent iPhone vulnerability discovery showcased just how exposed companies are to a potential attack via a smartphone. 

Discovered by Canadian security experts, the ForcedEntry vulnerability allowed spyware to remotely gain control of any iPhone that it targeted, without the knowledge or action of the user. Once a phone is infected with spyware, bad actors can read the iPhone’s messages, including encrypted ones, listen in on and record both ends of phone calls, copy all the locations where the phone has been, and turn on the microphone and camera. The last one is especially troubling for businesses, as it potentially gives criminals the ability to listen in on confidential meetings and harvest information for insider trading, corporate espionage and other nefarious exploits.

Apple was quick to issue a patch for ForcedEntry, but by then, many phones had been infected. While Apple is extremely concerned with user privacy, ForcedEntry is probably not the only zero-day vulnerability in the iOS operating system. Hackers and nation-states are looking for new vulnerabilities every day. What ForcedEntry underscored was the continued sophistication of cyberattacks against smartphones.

Spyware Attack On Smartphones

The bottom line is this: from Android to iPhone, no smartphone can be trusted. Not even the iPhone is safe from exploitation and attacks by spyware makers. The “hack and patch” race isn’t likely to end soon. Each new phone feature and each new app expands the attack surface against which spyware can operate. While many spyware companies keep a low profile, there are dozens of spyware companies worldwide, all looking to break in and capture data from smartphones. Some spyware is used by governments and costs millions of dollars per year; some costs as little as $50 and is used by jealous spouses to monitor their significant other. The $50 version has fewer features than the $1 million version and can’t remotely self-install; it must be installed by the spouse when the phone is unlocked. Once installed, the spying begins.

So, what does this mean for businesses? Our smartphones are typically by our side day and night because they are so useful to us and to our organizations. An all-out ban on smartphones in the workplace is not realistic, but there may be times when a confidential conversation is required, and you should keep smartphones out of the room. Simply turning off smartphones isn’t a solution since modern smartphones are never truly “off.” Spyware can do anything that a user can do, including turning the phone on without the user’s knowledge. Turning off a phone may actually be seen by spyware as an ideal time for bad actors to start to listen in.

Best Practices To Avoid Spyware Threats

Instead, businesses must be strategic with regard to smartphones in the workplace. Here are some best practices to protect your company from spyware threats:

  • Establish internal corporate policies: Set up a “no phones during confidential conversations” policy and allow no exceptions, not even for the CEO’s phone. Even the most loyal employee’s phone can potentially be compromised without their knowledge. As meetings are a key target for attacks, the only sure prevention is to keep all cell phones outside of the conference room.
  • No exceptions for visitors: Meeting guests should be informed of the no-phone policy and asked to leave their smartphones in a safe area. Visitors who are invited to confidential conversations have the same interest as the organization in keeping confidential things confidential.
  • Adopt cell phone-locating technology: The “honor system” is simply not enough; there is new technology capable of detecting and locating smartphones that may have accidentally been left in sensitive areas such as conference rooms. This technology can pinpoint the location of a violating smartphone and ensure your conference room is, in fact, phone-free. Most of these new technologies can also locate other bugs and transmitters. Some companies use this technology all the time. Some just turn it on during important meetings.

One compromised smartphone has the potential to bring injury to your entire organization. Finding spyware on a phone is painstaking work, even when the phone is known to be infected. The fix is not in individual phone inspections. However, by establishing a strategic and comprehensive security posture, you can prevent cyber attackers from gaining easy access to critical and sensitive information. 

It’s your call… literally.
